The Doppler Quarterly Special Edition 2019 | Page 90

Continuous
Compliance delivers
a holistic, program-
based approach to
both technical and
process-oriented
compliance.
The Impact of Cloud on Highly Regu-
lated Industries
Compliance challenges, of course, vary by industry. Moving
to the cloud exacerbates the impacts of already complex,
interrelated regulations and oversight in highly regulated
industries such as financial services and healthcare.
In any industry, the penalties for noncompliance are stiff.
Companies face potential fines, loss of business, loss of cli-
ents, firings, suspensions – even potential jail terms in cer-
tain circumstances. In retail, for example, companies are
grappling with the effects of the new PCI regulation requir-
ing a business to protect credit card data and customers’
identities. Companies that don’t comply may have to pay
more for credit card transactions – or lose the ability to use
credit cards at all. Noncompliance is clearly not worth the
risk.
Geography Plays a Role
It would be one thing if companies were able to rework
compliance processes globally, just based on the changes
imposed by the cloud. But compliance rules in one locale
don’t always mesh with those in another. Take GDPR and
FCA, for instance. These are a pair of new regulations cre-
ated in the UK that require businesses to protect the pri-
88 | THE DOPPLER | SPECIAL EDITION 2019
vacy of individual data. They were created to govern indi-
vidual data in Europe, but they apply to every global
business that touches European consumers.
These are just the latest examples of geography-specific
regulations that tilt the playing field for companies prepar-
ing compliance plans. As cloud adoption increases, expect
to see more government actions to ensure that data is
accounted for and protected.
Compliance Needs to be Monitored and
Updated
There’s a misconception that monitoring for security and
for compliance amount to the same thing. Security is a big
part of compliance, for sure, and having tools that produce
reports about threat detection and security preparedness
are critical to the survival of any business.
But there’s more to compliance monitoring than keeping
track of security threats. Regular monitoring provides con-
tinuous updates and assessments of issues – in the cloud
and beyond – that are evolving more quickly and unexpect-
edly than ever before. It provides the domain-specific data
that companies need to successfully manage their compli-
ance programs.